From patchwork Fri Jun 16 19:17:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 109347 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1571868vqr; Fri, 16 Jun 2023 12:37:44 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7aWTdWm/wS4u+ym/2faO1spPICs4H05YC9SX+enyECNCvXuB8iSSZ8XUPp9YUF4jRBfm2d X-Received: by 2002:a05:6808:145:b0:39a:aba9:bcbd with SMTP id h5-20020a056808014500b0039aaba9bcbdmr2836184oie.51.1686944264378; Fri, 16 Jun 2023 12:37:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686944264; cv=none; d=google.com; s=arc-20160816; b=Q/6Fm6gss8i2BSOuYKq1kzATJhB7RTG2iiMROj3MMmHWcpxrS3RzwYaxebb3C51wnq Yqr7bYXnJSbVzclC8LU0aGNMHTcm0LojhNU2JVcDsAj0SyZ+QnwxqH8zamKkNfSaBY4n lJLhVRuFEplJxxFCwyNe/d7sJfgoGklJtdBPD0RsHOro66dKmLDy5ocNILsOzTd3iQTg 7nssEe8sjmLBvvboJ1n6d6w5sI12qQY9+DVvStDWSq9rGw5hDDmEDD6+RmBybImkoR/f KYdcfWD93Ss6qZxem6ENAsNkdFO5I8vmaom6I2VnzMyd50o4Nj9mvxw9WsE4QHUOITqn ztWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:cc:subject:to:reply-to:sender:from :dkim-signature:dkim-signature:date; bh=zk8bNeb/HVzhu+VkQCBXkbL/CuPxVozvpdryx3JR3kk=; b=MMKplBFlQgzXnUMzAI9NNtxy5j7fHX8Y9/8wcprkEmae+vDfTQnlcAtkq4IadxNgPq Dm0MuHdLmGfdbHNrRzEPqEsIQK5hl1oauhAVK1JNM6U0PhNimYb6rYkjXslQ/dYKtjdi UcYHtVMXbdEDvi2nDCamCsXHzGykkuB3u6D3PjO5hHDAIDgnIN2RpQbMOAfwJ4tBNK4H jBPfM6VqNSEw5yEFiveDbTquExSqzzmj/GZppS+g4KmQSdjuDINfs0v8Kj8qbcksDry4 iCwkwBIYENrzYHL10a1DJQ89oMQL4SMzoBXg68sCEQiwk6+jAx1dqXwcJ/P3vbEq+R+m Jqwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=2wWN+MOy; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t123-20020a637881000000b0053422305c20si16798699pgc.14.2023.06.16.12.37.30; Fri, 16 Jun 2023 12:37:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=2wWN+MOy; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345983AbjFPTTj (ORCPT + 99 others); Fri, 16 Jun 2023 15:19:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345975AbjFPTRR (ORCPT ); Fri, 16 Jun 2023 15:17:17 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1DDDB3ABC; Fri, 16 Jun 2023 12:17:07 -0700 (PDT) Date: Fri, 16 Jun 2023 19:17:04 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1686943025; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zk8bNeb/HVzhu+VkQCBXkbL/CuPxVozvpdryx3JR3kk=; b=2wWN+MOy/MMeeJ8mpKVY8G9XePnQpJU3zSvRb7vOn8Hem+dEpZvDx+0oR7Y306Hq8HvjjC TH+Hzi+aCrkMWnJYxs3woaNOSRIfuqaIsNAEf+A/Z5dyo5FlFxoB+PTvZG+ym4/1GdssEq gO0pilAmnXzfertj11tLWEHUkK/hWoJ8n8ihPRcREDGz04Ore98M1lU9800xaFpv8eMWhF UqBpafOo7Ur237j2CXgiIofu48CTs/peWttLXgckrOylzqh1TS9mkQ0r3l85GkQeFzkhIF QmUD3150ILx3XmDmwPnlbpqErBodBqcCFHSsHHCUdEH61pUT+aNG7s9nO6OZdg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1686943025; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zk8bNeb/HVzhu+VkQCBXkbL/CuPxVozvpdryx3JR3kk=; b=myR0DoSTbfmDGRYOtangoC9vXof1/wxzXHnkqlwIedNmLOyd0SgG1V00ZlPArfLzBd6MNh wvFJPSKjmV6K6rCw== From: "tip-bot2 for Rick Edgecombe" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/shstk] x86/traps: Move control protection handler to separate file Cc: Rick Edgecombe , Dave Hansen , "Borislav Petkov (AMD)" , Kees Cook , "Mike Rapoport (IBM)" , Pengfei Xu , John Allen , x86@kernel.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Message-ID: <168694302497.404.7743562386735342979.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768889269234845722?= X-GMAIL-MSGID: =?utf-8?q?1768889269234845722?= The following commit has been merged into the x86/shstk branch of tip: Commit-ID: e17535957e6abd561790778fba0f8205eb0d4c50 Gitweb: https://git.kernel.org/tip/e17535957e6abd561790778fba0f8205eb0d4c50 Author: Rick Edgecombe AuthorDate: Mon, 12 Jun 2023 17:10:33 -07:00 Committer: Dave Hansen CommitterDate: Thu, 15 Jun 2023 16:31:00 -07:00 x86/traps: Move control protection handler to separate file Today the control protection handler is defined in traps.c and used only for the kernel IBT feature. To reduce ifdeffery, move it to it's own file. In future patches, functionality will be added to make this handler also handle user shadow stack faults. So name the file cet.c. No functional change. Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230613001108.3040476-8-rick.p.edgecombe%40intel.com --- arch/x86/kernel/Makefile | 2 +- arch/x86/kernel/cet.c | 76 +++++++++++++++++++++++++++++++++++++++- arch/x86/kernel/traps.c | 75 +-------------------------------------- 3 files changed, 78 insertions(+), 75 deletions(-) create mode 100644 arch/x86/kernel/cet.c diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 4070a01..abee056 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -145,6 +145,8 @@ obj-$(CONFIG_CFI_CLANG) += cfi.o obj-$(CONFIG_CALL_THUNKS) += callthunks.o +obj-$(CONFIG_X86_CET) += cet.o + ### # 64 bit specific files ifeq ($(CONFIG_X86_64),y) diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c new file mode 100644 index 0000000..7ad22b7 --- /dev/null +++ b/arch/x86/kernel/cet.c @@ -0,0 +1,76 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include +#include + +static __ro_after_init bool ibt_fatal = true; + +extern void ibt_selftest_ip(void); /* code label defined in asm below */ + +enum cp_error_code { + CP_EC = (1 << 15) - 1, + + CP_RET = 1, + CP_IRET = 2, + CP_ENDBR = 3, + CP_RSTRORSSP = 4, + CP_SETSSBSY = 5, + + CP_ENCL = 1 << 15, +}; + +DEFINE_IDTENTRY_ERRORCODE(exc_control_protection) +{ + if (!cpu_feature_enabled(X86_FEATURE_IBT)) { + pr_err("Unexpected #CP\n"); + BUG(); + } + + if (WARN_ON_ONCE(user_mode(regs) || (error_code & CP_EC) != CP_ENDBR)) + return; + + if (unlikely(regs->ip == (unsigned long)&ibt_selftest_ip)) { + regs->ax = 0; + return; + } + + pr_err("Missing ENDBR: %pS\n", (void *)instruction_pointer(regs)); + if (!ibt_fatal) { + printk(KERN_DEFAULT CUT_HERE); + __warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL); + return; + } + BUG(); +} + +/* Must be noinline to ensure uniqueness of ibt_selftest_ip. */ +noinline bool ibt_selftest(void) +{ + unsigned long ret; + + asm (" lea ibt_selftest_ip(%%rip), %%rax\n\t" + ANNOTATE_RETPOLINE_SAFE + " jmp *%%rax\n\t" + "ibt_selftest_ip:\n\t" + UNWIND_HINT_FUNC + ANNOTATE_NOENDBR + " nop\n\t" + + : "=a" (ret) : : "memory"); + + return !ret; +} + +static int __init ibt_setup(char *str) +{ + if (!strcmp(str, "off")) + setup_clear_cpu_cap(X86_FEATURE_IBT); + + if (!strcmp(str, "warn")) + ibt_fatal = false; + + return 1; +} + +__setup("ibt=", ibt_setup); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 58b1f20..6f666df 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -213,81 +213,6 @@ DEFINE_IDTENTRY(exc_overflow) do_error_trap(regs, 0, "overflow", X86_TRAP_OF, SIGSEGV, 0, NULL); } -#ifdef CONFIG_X86_KERNEL_IBT - -static __ro_after_init bool ibt_fatal = true; - -extern void ibt_selftest_ip(void); /* code label defined in asm below */ - -enum cp_error_code { - CP_EC = (1 << 15) - 1, - - CP_RET = 1, - CP_IRET = 2, - CP_ENDBR = 3, - CP_RSTRORSSP = 4, - CP_SETSSBSY = 5, - - CP_ENCL = 1 << 15, -}; - -DEFINE_IDTENTRY_ERRORCODE(exc_control_protection) -{ - if (!cpu_feature_enabled(X86_FEATURE_IBT)) { - pr_err("Unexpected #CP\n"); - BUG(); - } - - if (WARN_ON_ONCE(user_mode(regs) || (error_code & CP_EC) != CP_ENDBR)) - return; - - if (unlikely(regs->ip == (unsigned long)&ibt_selftest_ip)) { - regs->ax = 0; - return; - } - - pr_err("Missing ENDBR: %pS\n", (void *)instruction_pointer(regs)); - if (!ibt_fatal) { - printk(KERN_DEFAULT CUT_HERE); - __warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL); - return; - } - BUG(); -} - -/* Must be noinline to ensure uniqueness of ibt_selftest_ip. */ -noinline bool ibt_selftest(void) -{ - unsigned long ret; - - asm (" lea ibt_selftest_ip(%%rip), %%rax\n\t" - ANNOTATE_RETPOLINE_SAFE - " jmp *%%rax\n\t" - "ibt_selftest_ip:\n\t" - UNWIND_HINT_FUNC - ANNOTATE_NOENDBR - " nop\n\t" - - : "=a" (ret) : : "memory"); - - return !ret; -} - -static int __init ibt_setup(char *str) -{ - if (!strcmp(str, "off")) - setup_clear_cpu_cap(X86_FEATURE_IBT); - - if (!strcmp(str, "warn")) - ibt_fatal = false; - - return 1; -} - -__setup("ibt=", ibt_setup); - -#endif /* CONFIG_X86_KERNEL_IBT */ - #ifdef CONFIG_X86_F00F_BUG void handle_invalid_op(struct pt_regs *regs) #else